0 34 Risk Management Information Security What could happen? Recent developments What are we doing to manage this risk? Execution and change management What could happen? Recent developments What are we doing to manage this risk? Reporting What could happen? Recent developments What are we doing to manage this risk? Non-compliance What could happen? Recent developments What are we doing to manage this risk? Heineken N.V. Annual Report 2020 Introduction Report of the Executive Board Report of the Supervisory Board Financial Statements Sustainability Review Other Information HEINEKEN's business increasingly relies on IT, both in the office environment and in the industrial control domain of its breweries. Failure of systems or cyber security incidents could lead to business disruption, loss of confidential information, access and availability to our data, breach of data privacy regulations, and financial or reputational damage. We are more connected than ever and HEINEKEN increasingly relies on technology, both in our office environment as well as in the industrial control domain of our breweries. Online threats keep growing and becoming more sophisticated with potential consequences are more punitive and destructive in nature. Exposure to cybercrime is increasing and regulations place stricter security requirements on data processing. Cyber security is a top priority within HEINEKEN. Our cybersecurity program, which is evaluated regularly, is executed to address IT and Industrial Control Systems security globally. Our Cyber Defence Operations monitors cyber-attacks 24/7 globally. We use a global cybersecurity framework to address confidentiality, integrity and availability risks. It is focused on enhancing the resilience of our IT and Industrial Control Systems and increasing employee security awareness. In recent years, HEINEKEN has engaged in several significant business transformation programmes. Our large number of operating companies and fragmented data and technology landscape represent specific challenges to these programmes. These strategic transformation programmes may not deliver the expected benefits or may incur significant cost or time overruns. As the world becomes more digital, data is more and more an asset for a company and technological developments quickly follow each other. HEINEKEN will need to continue to develop in this area to not lose the battle for the customer and consumer and ensure it is efficient as possible. Via our portfolio management approach, we apply a consistent project and programme methodology and governance, placing ownership of the whole portfolio at top management level. HEINEKEN aims to prioritise and optimise resource allocation across its major programmes to ensure they deliver on their objectives and proactively mitigate the programme risks. The new Data Technology department, with representation on the Executive Team, will further drive standardisation and harmonisation of our data and technical landscape over our operating companies. Historically, HEINEKEN has grown its footprint organically and through mergers and acquisitionsleading to a diverse landscape of processes and systems and a low level of centralis ation. Deviations from the common accounting and reporting processes and related controls could impair the accuracy of financial and non-financial data used for Group reporting and external communications. Enhanced techniques and technology have become available to strengthen the control environment and to deliver more efficient and robust financial and non- financial data. As a result of the COVID-19 pandemic, the importance of estimates has increased. Given the uncertainty of the impact of the COVID-19 pandemic, providing reliable estimates has inherently become more difficult and greater judgement is involved. HEINEKEN is utilising enhanced techniques and technology to continue to drive the improvement and standardisation of its accounting and reporting processes and controls and to harmonise its system landscape. HEINEKEN has implemented a common framework across its operating companies which includes Internal Control over Financial Reporting, Common Accounting Policies, Standard Chart of Accounts and periodic mandatory trainings. Relating to the COVID-19 pandemic, specific accounting guidance has been shared with HEINEKEN's operating companies. The assurance model includes active monitoring of control execution, critical access and segregation of duties. HEINEKEN continues to strengthen the governance around non-financial data to further improve the quality of the data reported under its Brewing a Better World programme. Explore Further: Reporting basis governance of non-financial indicators, pages 151-159 Notes to the Consolidated Financial Statements pages 71-117 Changes in the legal and regulatory environment tend to increase the risk of non-compliance with local and global laws and regulations. Failure to comply with applicable laws and regulations could lead to claims, enforcement and reputational damage. Recent health trends may lead to an increased risk of consumers making claims. Across many geographies, law enforcement has increased over the past years, in particular with regard to anti-bribery and corruption, competition and data privacy lawsand human rights. This leads to increased risk of allegations of violations of laws and regulations by law enforcers as well as by private parties. HEINEKEN is constantly looking to enhance its internal compliance system and resilience to adapt to changes in the legal environment. HEINEKEN has embedded legal compliance in its risk and controls system and has established processes and governance to drive implementation and compliance with the Company Rules and the HEINEKEN Code of Business Conduct. Explore Further: Values and behaviours, page 148 Corporate Governance Statement, pages 40-48

Jaarverslagen en Personeelsbladen Heineken

Jaarverslagen | 2020 | | pagina 34